3 matches found
CVE-2026-42874
CVE-2026-42874 affects Microdot prior to version 2.6.1, where Response.set_cookie() does not sanitize string arguments and fails to detect the CRLF sequence, enabling HTTP header injection via cookie storage. Exploitation requires the attacker to first compromise a client (e.g., through a separat...
microdot 注入漏洞
Microdot is a minimalistic Python web framework developed by Miguel Grinberg. Versions of Microdot prior to 2.6.1 contained an injection vulnerability. This vulnerability stemmed from the Response.setcookie method not properly cleaning the string parameters, which could lead to header injection...
CVE-2022-22730
Improper authentication in the IntelR Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access...